/*
 * Copyright 2014 The Netty Project
 *
 * The Netty Project licenses this file to you under the Apache License,
 * version 2.0 (the "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */
package io.netty.handler.ipfilter;

import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;

import java.net.SocketAddress;

This class provides the functionality to either accept or reject new Channels based on their IP address.

You should inherit from this class if you would like to implement your own IP-based filter. Basically you have to implement accept(ChannelHandlerContext, SocketAddress) to decided whether you want to accept or reject a connection from the remote address.

Furthermore overriding channelRejected(ChannelHandlerContext, SocketAddress) gives you the flexibility to respond to rejected (denied) connections. If you do not want to send a response, just have it return null. Take a look at RuleBasedIpFilter for details.

/** * This class provides the functionality to either accept or reject new {@link Channel}s * based on their IP address. * <p> * You should inherit from this class if you would like to implement your own IP-based filter. Basically you have to * implement {@link #accept(ChannelHandlerContext, SocketAddress)} to decided whether you want to accept or reject * a connection from the remote address. * <p> * Furthermore overriding {@link #channelRejected(ChannelHandlerContext, SocketAddress)} gives you the * flexibility to respond to rejected (denied) connections. If you do not want to send a response, just have it return * null. Take a look at {@link RuleBasedIpFilter} for details. */
public abstract class AbstractRemoteAddressFilter<T extends SocketAddress> extends ChannelInboundHandlerAdapter { @Override public void channelRegistered(ChannelHandlerContext ctx) throws Exception { handleNewChannel(ctx); ctx.fireChannelRegistered(); } @Override public void channelActive(ChannelHandlerContext ctx) throws Exception { if (!handleNewChannel(ctx)) { throw new IllegalStateException("cannot determine to accept or reject a channel: " + ctx.channel()); } else { ctx.fireChannelActive(); } } private boolean handleNewChannel(ChannelHandlerContext ctx) throws Exception { @SuppressWarnings("unchecked") T remoteAddress = (T) ctx.channel().remoteAddress(); // If the remote address is not available yet, defer the decision. if (remoteAddress == null) { return false; } // No need to keep this handler in the pipeline anymore because the decision is going to be made now. // Also, this will prevent the subsequent events from being handled by this handler. ctx.pipeline().remove(this); if (accept(ctx, remoteAddress)) { channelAccepted(ctx, remoteAddress); } else { ChannelFuture rejectedFuture = channelRejected(ctx, remoteAddress); if (rejectedFuture != null) { rejectedFuture.addListener(ChannelFutureListener.CLOSE); } else { ctx.close(); } } return true; }
This method is called immediately after a Channel gets registered.
Returns:Return true if connections from this IP address and port should be accepted. False otherwise.
/** * This method is called immediately after a {@link io.netty.channel.Channel} gets registered. * * @return Return true if connections from this IP address and port should be accepted. False otherwise. */
protected abstract boolean accept(ChannelHandlerContext ctx, T remoteAddress) throws Exception;
This method is called if remoteAddress gets accepted by accept(ChannelHandlerContext, SocketAddress). You should override it if you would like to handle (e.g. respond to) accepted addresses.
/** * This method is called if {@code remoteAddress} gets accepted by * {@link #accept(ChannelHandlerContext, SocketAddress)}. You should override it if you would like to handle * (e.g. respond to) accepted addresses. */
@SuppressWarnings("UnusedParameters") protected void channelAccepted(ChannelHandlerContext ctx, T remoteAddress) { }
This method is called if remoteAddress gets rejected by accept(ChannelHandlerContext, SocketAddress). You should override it if you would like to handle (e.g. respond to) rejected addresses.
Returns:A ChannelFuture if you perform I/O operations, so that the Channel can be closed once it completes. Null otherwise.
/** * This method is called if {@code remoteAddress} gets rejected by * {@link #accept(ChannelHandlerContext, SocketAddress)}. You should override it if you would like to handle * (e.g. respond to) rejected addresses. * * @return A {@link ChannelFuture} if you perform I/O operations, so that * the {@link Channel} can be closed once it completes. Null otherwise. */
@SuppressWarnings("UnusedParameters") protected ChannelFuture channelRejected(ChannelHandlerContext ctx, T remoteAddress) { return null; } }